Re: Any access control mechanism that allow exceptions?
From: Horst von Brand
Date: Sat Aug 06 2005 - 21:28:32 EST
Xin Zhao <uszhaoxin@xxxxxxxxx> wrote:
> I want to lock down a directory to be read-only, say, /etc, for system
> security.
If root can bypass that somehow, it is useless anyway.
> Unfortunately, some valid system tools might need to
> create/modified files like "/etc/dhclient-eth0.conf". To avoid
> disrupting the normal running of those tools, I might have to allow
> certain files to be created under /etc.
Use standard permissions, or make affected files inmutable.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/